Vulnerability Name: CVE-2009-1364 (CCN-50290)

Assigned: 2009-04-27
Published: 2009-04-27
Updated: 2018-10-30
Summary: Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

Vulnerability Type: CWE-Other
CWE-416
Vulnerability Consequences: Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1364

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:011

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1132

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1134

Source: CCN
Type: RHSA-2009-0457
Moderate: libwmf security update

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0457

Source: CCN
Type: SA34901
libwmf Embedded GD Library Use-After-Free Vulnerability

Source: SECUNIA
Type: UNKNOWN
34901

Source: SECUNIA
Type: UNKNOWN
34964

Source: SECUNIA
Type: UNKNOWN
35001

Source: SECUNIA
Type: UNKNOWN
35025

Source: SECUNIA
Type: UNKNOWN
35190

Source: SECUNIA
Type: UNKNOWN
35416

Source: SECUNIA
Type: UNKNOWN
35686

Source: GENTOO
Type: UNKNOWN
GLSA-200907-01

Source: CCN
Type: SECTRACK ID: 1022154
libwmf User-After-Free Bug Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2009-160
libwmf security update (RHSA-2009-0457)

Source: CONFIRM
Type: UNKNOWN
http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log

Source: CCN
Type: libwmf Web site
libwmf, library to convert wmf files

Source: DEBIAN
Type: UNKNOWN
DSA-1796

Source: DEBIAN
Type: DSA-1796
libwmf -- pointer use-after-free

Source: CCN
Type: GLSA-200907-01
libwmf: User-assisted execution of arbitrary code

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:106

Source: CCN
Type: OSVDB ID: 56286
libwmf Embedded GD Library WMF File Handling Use-After-Free Arbitrary Code Execution

Source: BID
Type: UNKNOWN
34792

Source: CCN
Type: BID-34792
libwmf WMF Image File Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022154

Source: CCN
Type: USN-769-1
libwmf vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-769-1

Source: VUPEN
Type: UNKNOWN
ADV-2009-1228

Source: CCN
Type: Red Hat Bugzilla Bug 496864
CVE-2009-1364 libwmf: embedded gd use-after-free error

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=496864

Source: XF
Type: UNKNOWN
libwmf-gdlibrary-code-execution(50290)

Source: CONFIRM
Type: UNKNOWN
https://launchpad.net/bugs/cve/2009-1364

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10959

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5518

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5524

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5517

Source: SUSE
Type: SUSE-SR:2009:011
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:francis_james_franklin:libwmf:0.2.8.4:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20091364 | V | CVE-2009-1364 | 2022-09-01
oval:org.opensuse.security:def:11141 | P | Security update for ssh-audit (Moderate) | 2021-10-20
oval:org.opensuse.security:def:47192 | P | yast2-users-3.1.57-16.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47035 | P | libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47955 | P | atftp-0.7.0-160.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47161 | P | sysconfig-0.84.0-13.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46951 | P | glib2-lang-2.48.2-10.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47901 | P | tar-1.27.1-15.3.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47097 | P | libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47263 | P | ghostscript-9.15-22.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:11230 | P | Security update for live555 (Moderate) | 2021-06-28
oval:org.opensuse.security:def:11868 | P | libXvnc1-1.6.0-12.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46590 | P | vorbis-tools-1.4.0-16.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16514 | P | libgnutls-devel-3.3.27-3.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11271 | P | cifs-utils-6.4-3.5 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16472 | P | libXext-devel-1.3.2-4.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11386 | P | libpcsclite1-1.8.10-3.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11562 | P | java-1_7_0-openjdk-1.7.0.91-21.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11495 | P | autofs-5.0.9-8.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12222 | P | libldb1-1.1.29-1.13 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46499 | P | libmysqlclient18-10.0.11-6.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16480 | P | libXrender-devel-0.9.8-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16656 | P | spice-gtk-devel-0.33-3.6.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11339 | P | libXfont1-1.4.7-2.9 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11420 | P | logrotate-3.8.7-3.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11584 | P | libXrender1-0.9.8-3.56 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11890 | P | libgssglue1-0.4-3.83 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46737 | P | libjavascriptcoregtk-3_0-0-2.4.8-16.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16599 | P | libvorbis-devel-1.3.3-10.14.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11293 | P | empathy-3.10.3-1.131 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11263 | P | accountsservice-0.6.35-1.126 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11401 | P | libsmi-0.4.8-18.63 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11571 | P | libHX28-3.18-1.19 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11520 | P | dia-0.97.2-13.253 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12244 | P | libpcre1-32bit-8.39-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11217 | P | Security update for exim (Critical) | 2021-05-20
oval:org.opensuse.security:def:11208 | P | Security update for monitoring-plugins-smart (Important) | 2021-05-10
oval:org.opensuse.security:def:11166 | P | Security update for privoxy (Moderate) | 2021-01-05
oval:org.opensuse.security:def:16687 | P | apache-pdfbox-1.8.12-3.5.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16934 | P | ncurses-devel-5.9-64.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16865 | P | libpcrecpp0-8.39-8.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16922 | P | libzmq3-4.0.4-15.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16833 | P | libjbig-devel-2.0-12.13 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:46367 | P | libpython3_4m1_0-3.4.1-2.14 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16723 | P | flex-2.5.37-8.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16956 | P | python3-devel-3.4.6-25.29.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:52727 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:46041 | P | Security update for virglrenderer (Important) | 2020-12-01
oval:org.opensuse.security:def:53278 | P | Security update for dovecot23 (Important) | 2020-12-01
oval:org.opensuse.security:def:54109 | P | python-imaging on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24546 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53835 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:55504 | P | Security update for DirectFB (Important) | 2020-12-01
oval:org.opensuse.security:def:24766 | P | Security update for blktrace (Low) | 2020-12-01
oval:org.opensuse.security:def:25114 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:10985 | P | libcdio++0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17620 | P | Security update for libwmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46055 | P | Security update for ntp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52705 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:11066 | P | libsoup-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53105 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:54035 | P | libltdl7 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24420 | P | Security update for ovmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53550 | P | Security update for tigervnc (Critical) | 2020-12-01
oval:org.opensuse.security:def:54228 | P | kernel-default on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24347 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24683 | P | Security update for libgxps (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25070 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:24969 | P | Security update for kernel-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25787 | P | Security update for libwmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10939 | P | gtk2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17594 | P | Security update for python-setuptools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46042 | P | Security update for adns (Important) | 2020-12-01
oval:org.opensuse.security:def:10909 | P | file-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:11047 | P | libpng16-compat-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52867 | P | Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:24357 | P | Security update for exempi (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52704 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:53384 | P | Security update for postgresql12 (Important) | 2020-12-01
oval:org.opensuse.security:def:54147 | P | yast2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24627 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25056 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:53943 | P | cups-pk-helper on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55578 | P | Security update for libwmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24916 | P | Security update for sqlite3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25752 | P | Security update for libreoffice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10917 | P | fuse-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:11032 | P | libnetpbm-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46175 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.mitre.oval:def:29380 | P | RHSA-2009:0457 -- libwmf security update (Moderate) | 2015-08-17
oval:org.opensuse.security:def:78212 | P | Security update for libwmf (Moderate) | 2015-07-31
oval:org.mitre.oval:def:12984 | P | USN-769-1 -- libwmf vulnerability | 2014-06-30
oval:org.mitre.oval:def:13456 | P | DSA-1796-1 libwmf -- pointer use-after-free | 2014-06-23
oval:org.mitre.oval:def:7918 | P | DSA-1796 libwmf -- pointer use-after-free | 2014-06-23
oval:org.mitre.oval:def:21888 | P | ELSA-2009:0457: libwmf security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:10959 | V | Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. | 2013-04-29
oval:org.debian:def:1796 | V | pointer use-after-free | 2009-05-07
oval:com.redhat.rhsa:def:20090457 | P | RHSA-2009:0457: libwmf security update (Moderate) | 2009-04-30

    francis_james_franklin libwmf 0.2.8.4
    opensuse opensuse 13.1
    opensuse opensuse 13.2